{"id":"CVE-2026-31520","summary":"HID: apple: avoid memory leak in apple_report_fixup()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nHID: apple: avoid memory leak in apple_report_fixup()\n\nThe apple_report_fixup() function was returning a\nnewly kmemdup()-allocated buffer, but never freeing it.\n\nThe caller of report_fixup() does not take ownership of the returned\npointer, but it *is* permitted to return a sub-portion of the input\nrdesc, whose lifetime is managed by the caller.","modified":"2026-05-18T05:59:50.179724857Z","published":"2026-04-22T13:54:35.534Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31520.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/239c15116d80f67d32f00acc34575f1a6b699613"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2635d0c715f3fb177e0f80ecd5fa48feb6bf3884"},{"type":"WEB","url":"https://git.kernel.org/stable/c/31860c3f7ac66ab897a8c90dc4e74fa17ca0b624"},{"type":"WEB","url":"https://git.kernel.org/stable/c/be1a341c161430282acdfe2ac99b413271575cf1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e2f090aeb7b9930a964e151910f4d45b04c8a7e5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/e652ebd29928181c3e6820e303da25873e9917d4"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/31xxx/CVE-2026-31520.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31520"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6e143293e17a73c9313f91c5ca3aaacbaef030cf"},{"fixed":"e2f090aeb7b9930a964e151910f4d45b04c8a7e5"},{"fixed":"2635d0c715f3fb177e0f80ecd5fa48feb6bf3884"},{"fixed":"31860c3f7ac66ab897a8c90dc4e74fa17ca0b624"},{"fixed":"be1a341c161430282acdfe2ac99b413271575cf1"},{"fixed":"e652ebd29928181c3e6820e303da25873e9917d4"},{"fixed":"239c15116d80f67d32f00acc34575f1a6b699613"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31520.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.17.0"},{"fixed":"6.1.168"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.131"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.80"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.21"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.11"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-31520.json"}}],"schema_version":"1.7.5"}